COSO FRAMEWORK Verified Quizzes + Top-Scoring
Assignments | A+ Guaranteed| 100% correct
COSO -
Internal Control - A process, effected by an entity's BOD, management, and other
personnel, designed to provide reasonable assurance regarding the achievement of objectives
relating to operations, reporting, and compliance.
Operational Objectives - Tied to entity's mission statement
ex: safeguarding of assets
Reporting Objectives - External financial reporting objective
External Non - Financial Reporting Objectives
Internal Financial and Non- Financial Reporting Objectives
Compliance Objectives - Depend on jurisdiction of operation
Depend on nature of business activities
Characteristics of Objectives of internal Control - ■Specific
■Measurable
■Attainable
■Relevant
■Time - Bound
Components of Internal Control - control environment, risk assessment, control activities,
information and communication, monitoring Activities
, Internal Control Deficiencies - ■A shortcoming in a component or components that
reduces the likelihood of an entity achieving its objectives. If it severely reduces the likelihood
that the entity can achieve its objectives, it is referred to as a major deficiency.
Internal Auditor Responsibility - May be required or optional
all activities within an org are within scope
Communicates findings and interacts directly with management, audit committee, or board
Board of Directors (BOD) - Responsible for overseeing system of controls
Senior Management responsibilities - CEO reports to board
CEO has ultimate responsibility for system of internal controls, supported by the rest of
management
All senior management report to CEO and support CEO with leadership and
execution/maintenance of system of internal control
External auditor responsibilities - ■Audit of internal control may be required
■
■Should report to board or audit committee
■
■Responsibility over internal control remains with management
Roles and Responsibilities: Outside Service Providers - ■Can assume responsibility for a
business process or function
■
■Management can delegate to an outsourced service provider, but remains ultimately
responsible for associated risks
Limitations of Internal Control - absolute assurance is impossible
Assignments | A+ Guaranteed| 100% correct
COSO -
Internal Control - A process, effected by an entity's BOD, management, and other
personnel, designed to provide reasonable assurance regarding the achievement of objectives
relating to operations, reporting, and compliance.
Operational Objectives - Tied to entity's mission statement
ex: safeguarding of assets
Reporting Objectives - External financial reporting objective
External Non - Financial Reporting Objectives
Internal Financial and Non- Financial Reporting Objectives
Compliance Objectives - Depend on jurisdiction of operation
Depend on nature of business activities
Characteristics of Objectives of internal Control - ■Specific
■Measurable
■Attainable
■Relevant
■Time - Bound
Components of Internal Control - control environment, risk assessment, control activities,
information and communication, monitoring Activities
, Internal Control Deficiencies - ■A shortcoming in a component or components that
reduces the likelihood of an entity achieving its objectives. If it severely reduces the likelihood
that the entity can achieve its objectives, it is referred to as a major deficiency.
Internal Auditor Responsibility - May be required or optional
all activities within an org are within scope
Communicates findings and interacts directly with management, audit committee, or board
Board of Directors (BOD) - Responsible for overseeing system of controls
Senior Management responsibilities - CEO reports to board
CEO has ultimate responsibility for system of internal controls, supported by the rest of
management
All senior management report to CEO and support CEO with leadership and
execution/maintenance of system of internal control
External auditor responsibilities - ■Audit of internal control may be required
■
■Should report to board or audit committee
■
■Responsibility over internal control remains with management
Roles and Responsibilities: Outside Service Providers - ■Can assume responsibility for a
business process or function
■
■Management can delegate to an outsourced service provider, but remains ultimately
responsible for associated risks
Limitations of Internal Control - absolute assurance is impossible
